security and ethical challenges of infornation technology
DESCRIPTION
With the proliferation of Electronic Commerce and the “Virtual Office,” threats are becoming an everyday occurrence to business. In fact, more threats arrive daily than business can combat them.TRANSCRIPT
Security & Ethical challenges in an OrganisationVIVEK
The government has recently said in Rajya Sabha that 1,600 arrests have been made related to cyber crimes under the Information Technology Act of 2000.
The interesting aspect of these numbers is that the number of cyber crimes has gone up 10 fold in the past couple of years.
Introduction
With the proliferation of Electronic Commerce and the “Virtual Office,” threats are becoming an everyday occurrence to business. In fact, more threats arrive daily than business can combat them. Threats to business can happen at any level, such as from
Physical Access Entry to the place of business
The Internet and company Intranet
Lack of Security Policy enforcement
Employees of the business themselves
Wireless Access to the company network, etc.
Security Challenges
1. Hacking
Hacking
Hacking is often called the biggest danger to the economic security of the Company or Nation.
President Obama has gone on record as calling the cyber threat “one of the most serious and economic and national security challenges we face as a nation.
Hacking
By attacking business networks, hackers are accessing company secrets and confidential strategies and creating huge losses for the overall economy.
Hacking
Every company is at risk. Even big names are not immune — LinkedIn was the victim of hackers in June, and Google was attacked in 2011, when hackers gained access to hundreds of user accounts.
Several News Related to this challenges
Coke Gets Hacked And Doesn’t Tell Anyone
http://www.businessweek.com/news/2012-11-04/coke-hacked-and-doesn-t-tell
Hackers had broken into the company’s computer systems and were pilfering sensitive files about its attempted $2.4 billion acquisition of China Huiyuan Juice Group (1886)
Several News Related to this challenges
A Huge Error From Apple Led To A Wired Reporter Getting Hacked Hard (Aug 6 2012)
http://www.businessinsider.com/a-huge-error-from-apple-led-to-a-wired-reporter-getting-hacked-hard-2012-8
One of the biggest stories in the tech world was Wired reporter Mat Honan getting "hacked, hard" in his own words. It's a pretty terrifying tale if you have anything of personal significance on your computer.
Hacking
So how do hackers get in the door?
Hacking
Email Social Engineering/Spear Phishing
Infection Via A Drive-By Web Download
USB Key Malware
Scanning Networks For Vulnerabilities And Exploitment
Guessing Or Social Engineering Passwords
Wifi Compromises
Stolen Credentials From Third-Party Sites
Insiders
Cyber Theft
Crooks are breaking into banks and stealing money. But it’s not Baby Face Aditi or Jesse James Gautam doing the robberies. Today’s thieves and crooks don’t have cool sounding names. These are nameless, faceless, anonymous cyber thieves.
Cyber Theft
There is a growing epidemic of online financial transaction theft from American banks and financial institutions. Just since 2008, cyber thieves have stolen millions of dollars from small businesses, school districts, churches, public libraries, municipalities, water districts and nonprofits.
Cyber Theft
According to a recent victims’ survey by cyber security giant Symantec, “Corporate Account Takeover” attacks against small businesses doubled in 2012, reported Krebs on Security. While many financial institutions make good on depositors losses from Corporate Account Takeover fraud and theft, many more disclaim any responsibility for such losses.
News Related to this challenges
The Western Beaver public school district in Pennsylvania filed a lawsuit against its bank after cyber-thieves used malicious software to siphon more than $700,000 from the school's account at ESB. According to the lawsuit, the funds were transferred in 74 separate transactions over a two-day period.
News Related to this challenges
Cyber-crooks stole $1.2 million from Unique Industrial Product Co., a Sugar Land, Texas-based plumbing equipment supply company. The company's operations manager said a forensic analysis showed the attackers used malware planted on its computers to initiate 43 transfers out of the company's account within 30 minutes.
News Related to this challenges
Fraudsters struck JM Test Systems, an electronics calibration company in Baton Rouge. According to the company's controller, an unauthorized wire transfer of $45,640 was sent from JM's account to a bank in Russia. The company's bank subsequently provided the company with new credentials. But less than a week later, another $51,550 of JM Test's money was transferred to five money mules across the country. The company was able to recover only $7,200 of the stolen money, which was returned only because one mule who was to receive that transfer apparently closed their account before the transfer could be completed.
Cyber Theft
Phishing
Pharming ((Also Domain Spoofing and DNS Poisoning)
Cyber Theft
Security Challenges
3. Unauthorized use at work
Unauthorized use at work
As it becomes easier for people to access computer databases, ease of use means ease of abuse. Using the computer, individual employees can quickly and quietly commit serious crimes that are very difficult to detect. They can steal information, change information, or destroy information in automated file systems while sitting at their desk and doing nothing that appears out of the ordinary to casual observers.
Unauthorized use at work
Personnel with technical skills and administrative access to a network are also capable of damaging or impairing the operability of critical information systems. There have been numerous cases of such malicious behavior by disgruntled IT professionals with some level of administrative access to a government or corporate system.
Unauthorized use at work
Owing to the magnitude of problems that can be caused by misuse of computer systems, all agencies have a vested interest in maintaining a work environment that fosters high standards of computer security.
Potentially Disqualifying Conditions
Illegal or unauthorized entry into any information technology system or component thereof
illegal or unauthorized modification, destruction, manipulation or denial of access to information, software, firmware, or hardware in an information technology system
use of any information technology system to gain unauthorized access to another system or to a compartmented area within the same system
downloading, storing, or transmitting classified information on or to any unauthorized software, hardware, or information technology system
Potentially Disqualifying Conditions
Introduction, removal, or duplication of hardware, firmware, software, or media to or from any information technology system without authorization, when prohibited by rules, procedures, guidelines or regulations
negligence or lax security habits in handling information technology that persist despite counseling by management
any misuse of information technology, whether deliberate or negligent, that results in damage to the national security.
Security Challenges
4. Software Piracy
Software Piracy
Software piracy is stealing. If you or your company are caught copying and/or distributing illegal copies of software, you could be held liable under both civil and criminal laws. If the software owner decides to sue you or your company, the owner can seek to stop you from using/distributing its software immediately and can also request monetary damages.
Consequences of Software Piracy
Increase the chances that the software will not function correctly or will fail completely;
Forfeit access to customer support, upgrades, technical documentation, training, and bug fixes;
Have no warranty to protect themselves;
Increase their risk of exposure to a debilitating virus that can destroy valuable data;
May find that the software is actually an outdated version, a beta (test) version, or a nonfunctioning copy;
Are subject to significant fines for copyright infringement; and
Risk potential negative publicity and public and private embarrassment.
Other side of story
The losses suffered as a result of software piracy directly affect the profitability of the software industry. Because of the money lost to pirates, publishers have fewer resources to devote to research and development of new products, have less revenue to justify lowering software prices and are forced to pass these costs on to their customers.
Security Challenges
4. Piracy of intellectual property
Piracy of Intellectual Property
That piracy of goods embodying intellectual property is an enormous worldwide problem cannot be denied.
Piracy of Intellectual Property
The World Customs Organization, for example, has found in its most recent survey that around 5% of all world trade is trade in pirated goods. The European Commission has, in similar terms, concluded that between 5% and 7% of world trade depends on piracy, representing 200 to 300 billion euro in lost trade.
Piracy of Intellectual Property
Music
Films
Books
Software
Music Piracy
More than one in three CD's sold in the world were pirate products!
In addition, a significant percentage of this lost income would have gone to the music publishers, and the songwriters and composers they represent, as all of these illegal CD's and cassettes embody the unauthorised mechanical reproduction of copyrighted songs and other compositions.
Music Piracy – Other side of Story
Secondary to these direct losses are all of the other consequential losses that piracy inevitably triggers: loss of employment opportunities in recording studios and retail stores, as well as losses from all of the other ancillary industries which contribute to the music industry, such as graphic artists and musical editors, video and film support, and marketing, promotional, and advertising experts.
Film Piracy
It is estimated that the U.S. motion picture industry loses in excess of US $3 billion annually in potential worldwide revenue due to commercial piracy!
But film industry losses from piracy are not a problem only for the major US studios. Thousands of Bollywood DVDs and CDs are sold in the UK annually, yet it is estimated that at least 4 out of 10 (and some would say as many as 7 out of 10) of these are pirate products.
Software Piracy
In the field of computer software, the value of losses to the economy of developed and
developing countries alike is immense, far greater even than that seen with respect to
music and films.
The Business Software Alliance, estimates that thirty-six percent of the
software installed on computers worldwide was pirated in 2003, representing a loss of
nearly US $29 billion.
Security Challenges
Summery
create a 'culture of security'
Assess risk and identify weaknesses
Create a contingency plan
Educate employees
Implement a security agreement
And as far as piracy and intellectual property is concern:
General of the World Intellectual Property Organization, Dr. Kamil
Idris, has observed, "Concerted action, enhanced public awareness, and galvanization of political will to eventually eradicate this problem and its negative effects on society” are all required.
Thank You!